Behind The Scene

Main navigation

Android Permissions on Kitkat, Lollipop and Marshmallow

How does android handles permissions in different versions

In a recent article we talked about how you give privilege to apps on install time to gain access to different parts of your android device. Today we're going deeper into how android handles these permissions in the previous 3 android updates : Kitkat (Api level 19 and 20) Lollipop (Api level 21 and 22) Marshmallow (Api level 23).

Each of the versions of android have distinct behavior regarding permissions, but we're simply focusing on these three major updates because Protektoid is designed to run on devices with minimum Api level of 19 (Kitkat).

Api level 19 & 20 : Kitkat

In this version of android, each app needs to request for permission at install time. Once a permission is granted there is no way to deny that permission for the given app. The only way is to uninstall the app.

Here we list the new set of permissions that were introduced :

com.android.launcher.permission.INSTALL_SHORTCUT

com.android.launcher.permission.UNINSTALL_SHORTCUT

android.permission.TRANSMIT_IR

The first two permissions allow an app to install or uninstall a shortcut on the app launcher of the device respectively. The last item gives permission to an app to use the device's IR Transmitter if it has any. Based on android's concept of Protection Level of permissions, all three of these permissions belong to the Normal Protection Level. The notable update that was introduced with this version of android was the ability to read / write from/to app's private directory without asking for READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE. However the app requires to ask for permissions if the app intends to write to device's internal storage or SD card!

Api level 21 & 22 : Lollipop

Android introduced a lot of features regarding Custom Permissions in this version which is out of the scope of this article (we're focused on System Permissions). The only new permission that was introduced was the following :

android.permission.BIND_DREAM_SERVICE

Daydream is an interactive screensaver mode that is activated when the device is inserted into a dock or left idle etc ... (can be configured). This permission has "signature" protection level which simply means , it is not available for third party apps. Like Kitkat, there is no way to revoke permissions for an app targeted to lollipop.

Api level 23 : Marshmallow

With the introduction of Marshmallow a new way of defining permissions was introduced to the android community. Devices running Marshmallow can revoke access to certain permissions at any time from the app's setting page. Two new categories were also introduced : Dangerous and Normal Permissions. If an app is targeted to Marshmallow , you don't get the list of required permissions at install time instead you get a message that this app will ask you for permission at run-time.

Dangerous Permissions and Permission Request at Run-time

Permissions that belong to this category require to ask for permissions from the user the first time the app is run. As mentioned earlier, you can deny the permission for each permission by going to the setting page of the app and click on permissions and then deny or allow permissions. Below you can see the list of dangerous permissions that need run-time request in order for the app to be able to access their features :

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

com.android.voicemail.permission.ADD_VOICEMAIL

android.permission.BODY_SENSORS

android.permission.CALL_PHONE

android.permission.CAMERA

android.permission.GET_ACCOUNTS

android.permission.PROCESS_OUTGOING_CALLS

android.permission.READ_CALENDAR

android.permission.READ_CALL_LOG

android.permission.READ_CONTACTS

android.permission.READ_EXTERNAL_STORAGE

android.permission.READ_PHONE_STATE

android.permission.READ_SMS

android.permission.RECEIVE_MMS

android.permission.RECEIVE_SMS

android.permission.RECEIVE_WAP_PUSH

android.permission.RECORD_AUDIO

android.permission.SEND_SMS

android.permission.USE_SIP

android.permission.WRITE_CALENDAR

android.permission.WRITE_CALL_LOG

android.permission.WRITE_CONTACTS

android.permission.WRITE_EXTERNAL_STORAGE

You can control the status of dangerous permissions for apps that are targeted for marshmallow as well as apps below marshmallow however upon denial of an app that was targeted below marshmallow, you might crash the app or receive certain unintended behavior from the app because it was not designed to work without certain permissions!

Normal Permissions

Unlike Dangerous Permissions, Normal Permissions cannot be denied by the user. Below you see the list of all normal permissions present in android Marshmallow.

android.permission.ACCESS_LOCATION_EXTRA_COMMANDS

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_NOTIFICATION_POLICY

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_WIMAX_STATE

android.permission.BLUETOOTH

android.permission.BLUETOOTH_ADMIN

android.permission.BROADCAST_STICKY

android.permission.CHANGE_NETWORK_STATE

android.permission.CHANGE_WIFI_MULTICAST_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.CHANGE_WIMAX_STATE

android.permission.DISABLE_KEYGUARD

android.permission.EXPAND_STATUS_BAR

android.permission.FLASHLIGHT

android.permission.GET_ACCOUNTS

android.permission.GET_PACKAGE_SIZE

android.permission.INTERNET

android.permission.KILL_BACKGROUND_PROCESSES

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.NFC

android.permission.READ_SYNC_SETTINGS

android.permission.READ_SYNC_STATS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.REORDER_TASKS

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.SET_TIME_ZONE

android.permission.SET_WALLPAPER

android.permission.SET_WALLPAPER_HINTS

android.permission.SUBSCRIBED_FEEDS_READ

android.permission.TRANSMIT_IR

android.permission.USE_FINGERPRINT

android.permission.VIBRATE

android.permission.WAKE_LOCK

android.permission.WRITE_SYNC_SETTINGS

com.android.alarm.permission.SET_ALARM

com.android.launcher.permission.INSTALL_SHORTCUT

com.android.launcher.permission.UNINSTALL_SHORTCUT

Conclusion

There hasn't been any major improvements in terms of permission access until android marshmallow. With a device running marshmallow you can control almost all the critical permissions of your device. However the way these permissions are categorized might not satisfy concerns of many users who are privacy oriented. For instance allowance of Network permissions for apps by default that cannot be denied, combined with other auto granted permissions is a big danger to users concerning about their privacy!